General
Target: Ransomware.WannaCry_Plus.zip
Size: 164KB
Sample: 240808-sxsdgsygnf
MD5: 0a28daa799b042d398545a291b888aea
SHA1: f992593481c3bff8be22106ba2bdc164787e5be1
SHA256: 320b07637a6836f3f245806ede573092942ad7310e2cce43561b88ad25a982cc
SHA512: ccf65ba911039edcf866c704f157f0358786872f1878952c5a101e4da6174bc647e62f3dabe6400ff59fa13625bc2123dabf7271cc82c182040ca381e4150e24
SSDEEP: 3072:agxwh+Srh51lfL2kLxs6/X6OOKeRw+JCT/xzBGXPU0r1geeXpIGkzBrvLEmOEB73:UHotz3uokeOvHS1d1+sNs8wbiWQ/9/v7
Static task: static1
Behavioral task: behavioral1
Sample: Ransomware.WannaCry_Plus.zip
Resource: win11-20240802-en
Malware Config
Extracted: C:\Users\Admin\AppData\Local\Temp\!satana!.txt
Targets
Target: Ransomware.WannaCry_Plus.zip
Score: 10/10
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Pre-OS Boot: Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)